Snort mailing list archives
Re: snort-inline and iptables INPUT chain
From: Laurent Haond <lhaond () bearstech com>
Date: Wed, 02 Mar 2005 17:55:48 +0100
Will Metcalf wrote:
hmmm what does your snort_inline.conf look like? What version of snort-inline are you using? Regards, Will
Using latest snort 2.3.0, freshly compiled.
configure was: --prefix=/usr --bindir=/usr/sbin --sysconfdir=/etc --enable-inline --enable-flexresp

snort.conf:
#===================================================
var HOME_NET 192.168.0.0/24
var EXTERNAL_NET any
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
var RULE_PATH /var/lib/snort

config detection: search-method lowmem

preprocessor flow: stats_interval 0 hash 2
preprocessor frag2
preprocessor stream4: midstream_drop_alerts
preprocessor stream4_reassemble
preprocessor bo
preprocessor telnet_decode
preprocessor perfmonitor: reset time 60 pktcnt 100 file /var/log/snort/perfs.log

output alert_unified: filename /var/log/snort/alert, limit 5M
output log_unified: filename /var/log/snort/packet, limit 5M

include /var/lib/snort/classification.config
include /var/lib/snort/reference.config

include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/experimental.rules
#==============================================================================

I will give it a try without --enable-flexresp...

Regards
Laurent
